Enclaves

Service Contract

Service contract fields and validation rules.

Every release includes a service contract. Enclavely validates this contract before deployment.

Supported contract

{
  "contractVersion": "v1",
  "transport": "http1-vsock",
  "enclave": {
    "cid": 16,
    "port": 8080,
    "healthcheckPath": "/healthz",
    "readinessPath": "/readyz",
    "attestationRequired": true,
    "capabilities": ["decrypt"]
  }
}

Fields

contractVersion: must be v1
transport: must be http1-vsock
enclave.cid: positive integer
enclave.port: 1..65535
enclave.healthcheckPath: path starting with /
enclave.readinessPath: path starting with /
enclave.attestationRequired: boolean
enclave.capabilities: non-empty list of sign and/or decrypt

In `enclavely.yaml`

service_contract:
  contract_version: v1
  transport: http1-vsock
  enclave:
    cid: 16
    port: 8080
    healthcheck_path: /healthz
    readiness_path: /readyz
    attestation_required: true
    capabilities: [decrypt]

Validation points

enclavely build validates the contract schema
enclavely deploy enforces contract values used for rollout checks

Health and readiness paths here must match what your service actually exposes.

Readiness Checks

Verify deploy readiness before shipping.

Attestation

What attestation means for release safety.

On this page

Supported contract Fields In enclavely.yamlValidation points